Filtered by vendor Redhat
Subscriptions
Filtered by product Red Hat 3scale Amp
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10295 | 1 Redhat | 1 Red Hat 3scale Amp | 2024-11-12 | 7.5 High |
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream. | ||||
CVE-2024-9671 | 1 Redhat | 1 Red Hat 3scale Amp | 2024-10-10 | 5.3 Medium |
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. | ||||
CVE-2023-0456 | 1 Redhat | 2 Apicast, Red Hat 3scale Amp | 2024-09-24 | 7.4 High |
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | ||||
CVE-2023-5349 | 3 Fedoraproject, Redhat, Rmagick | 3 Fedora, Red Hat 3scale Amp, Rmagick | 2024-08-29 | 5.3 Medium |
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. | ||||
CVE-2024-0560 | 1 Redhat | 1 Red Hat 3scale Amp | 2024-08-28 | 6.3 Medium |
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid. | ||||
CVE-2023-4910 | 1 Redhat | 2 3scale Api Management, Red Hat 3scale Amp | 2024-08-20 | 5.5 Medium |
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. |
Page 1 of 1.